Goldbinocle

**Name of the Vulnerable Software and Affected Versions** libmodbus version 3.1.10 **Description** The issue is a heap-based buffer overflow vulnerability in the `read io status` function located in `src/modbus.c`. This vulnerability can potentially be exploited, but there is no information provided about the estimated number of affected devices or real-world incidents. **Recommendations** For libmodbus version 3.1.10, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `read io status` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FTP project through 96c1a35 **Description** The issue allows remote attackers to cause a denial of service due to memory consumption by engaging in client activity, such as establishing and then terminating a connection. This occurs because `malloc` is used but `free` is not. **Recommendations** For the FTP project through 96c1a35, consider implementing proper memory deallocation using `free` to prevent memory consumption issues. As a temporary workaround, restrict the number of client connections to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ACCEL-PPP version 1.12.0 **Description** The issue is related to an out-of-bounds read in the `post msg` function when processing a `call clear request`. **Recommendations** For ACCEL-PPP version 1.12.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ACCEL-PPP version 1.12.0 **Description** The issue is an out-of-bounds read in the `triton context schedule` function that occurs when the client exits after authentication. **Recommendations** For ACCEL-PPP version 1.12.0, consider disabling the `triton context schedule` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibreSSL versions through 3.4.0 **Description** The issue is related to a stack-based buffer over-read in the `x509 constraints parse mailbox` function in `lib/libcrypto/x509/x509 constraints.c`. This occurs when the input exceeds `DOMAIN PART MAX LEN`, resulting in the buffer lacking '0' termination. **Recommendations** For versions through 3.4.0, update to a version later than 3.4.0 to resolve the issue. As a temporary workaround, consider restricting input to prevent it from exceeding `DOMAIN PART MAX LEN` until a patch is available.